Limited Security, Privacy Budgets Impede Connected Health Growth

Small security and privacy budgets limit the growth of connected health solutions despite an increased use of these technologies during the COVID-19 pandemic, according to the latest Insights report from Xtelligent Healthcare Media.

By Emily Sokol, MPH

Security and privacy remain high priorities for hospitals and health systems. Yet small budgets for that security impede progress toward a more connected health experience, Insights by Xtelligent Healthcare Media found in its latest report.

Connected health solutions including telehealth technologies have exploded amidst the COVID-19 pandemic, allowing providers to continue delivering care while keeping patients safe at home. Many patients have now even begun to expect a more digitized patient experience. But these solutions open organizations to more security and privacy breaches.

To understand the growing impact of connected health solutions across the industry, the research division of Xtelligent Healthcare Media, Insights, conducted a survey of provider organizations. The goal was to understand how hospitals and health systems, primary care physician groups, behavioral health facilities, and other care organizations are overcoming security and privacy challenges when rolling out connected health solutions.

Organizations are most concerned with HIPAA compliance, according to 55 percent of respondents. Cybersecurity and interoperability are also large concerns, say 53 percent and 49 percent of respondents, respectively.

“The requirement for interoperability and increasing interoperability opens your organization up to more potential threats because you’re making more connections to more places,” a healthcare security professional said during qualitative follow-up.

“If there are regional health information exchanges, these are large organizations that broker information from institution A to institution B by passing medical information back and forth. You’re increasing your attack surface quite a bit,” he continued. “You open up an interface. You have to worry about authentication and securing those interfaces. You have to have assurances that they’ve met certain security requirements.”

Increased data exchange, while critical for care coordination, also increases an organization’s attack surface. The most common threat organizations report is phishing attempts, according to 52 percent of all respondents. Other security threats are less common. Fifteen percent of respondents say unauthorized access attempts are the most common and only five percent say the same of brute-force attacks.

But many of these threats have increased since the start of the COVID-19 pandemic: 39 percent of respondents report an increase in phishing attempts and another 24 percent saw an increase in unauthorized access attempts.

To combat these increased attacks, hospitals, health systems, and other provider organizations are leveraging a variety of strategies including investing in security tools (58 percent), increasing monitoring (47 percent), and increasing patch management (24 percent).

“We’re encouraging providers to not take the shortcut,” a representative from a non-profit connected health organization noted during qualitative follow-up. “This way, if you stick with telehealth, you don’t have to suddenly switch your patients to something new, which causes disruptions and makes people cranky.”

Maintaining pre-pandemic security and privacy standards will help avoid attacks in the present and in the future, when leniency in guidelines subsides. But upholding these standards requires financial support.

While organizations claim to be improving their security and privacy practices, organizational budgets do not reflect the same sentiment. Only one to five percent of the overall budget is allocated to security, privacy, and compliance, according to 20 percent of respondents, but most (55 percent) say they do not know how much of their budget is allocated to this domain.

Organizations are, therefore, stuck knowing increased threats are looming but without a budget to support addressing these challenges. If organizations are to continue integrating more connected health solutions and opening themselves up to more cybersecurity threats, security needs to remain the topmost priority.

Thankfully, 45 percent of organizations surveyed say cybersecurity has always been top-of-mind. Another 31 percent say it has increased in importance amidst COVID-19.

“There are going to be winners and losers from a security standpoint,” the healthcare security professional continued.

Having cybersecurity top-of-mind will not be enough. Organizations will need the financial backing to support security and privacy efforts and truly put their money where their mouth is. Otherwise, they risk opening their systems and patients to a string of security and privacy breaches.

Security and Privacy Challenges to Connected Health also highlights the state of connected healthcare at provider organizations and the security and privacy challenges to implementing these tools, including remote patient monitoring solutions. The full report can be found here.